ARE YOU DOING ENOUGH TO PROTECT YOUR CUSTOMERS’ DATA?

January 28th was Data Privacy Day, but we believe this is something that should be celebrated all year long.

Why? Because your customers expect you to be a good steward of their data. Taking the steps to protect your computer systems will protect your customers, your reputation, and your bottom line.

Here are 8 things you should be doing to protect your customers’ data:

1. Secure your WiFi

This is the easiest step you can take to protect your data. Secure your WiFi with a strong password, and only give it out to those who need it. If you regularly have guests/customers who need WiFi, be sure your network is configured so that no private data or systems are accessible from WiFi networks that you share with customers or guests.

2. Encrypt sensitive and personal information

Use strong encryption mechanisms to secure data wherever it lives or moves, whether within or outside of your company. Conduct regular backups to ensure the integrity and availability of all data, and encrypt those backups, too!

3. Secure your systems

Yeah, those, too. Update all your software regularly to ensure it is as secure as possible. On everything from your computers to your phones, updates usually contain security patches that can protect you from hackers. Install premium security suite software (anti-virus, anti-malware, etc.) on all devices.

4. Have a written information security policy (WISP)

You should always have a written security policy, where you honestly and clearly disclose your data use practices, including your contact information and details on how you collect, use, and share personal data. And train your employees to follow it. In fact, some states, including Massachusetts (MA 201 CMR 17.00), require that every business that handles personal information have a WISP.

5. Know what your partners are collecting

In addition to your own privacy practices, you’re also responsible for how your partners use and collect data from your customers and employees. That means that if they get hacked, your business is still on the line. Make sure to confirm that each source has permission to collect and/or share data, and educate all your partners about the significance.

6. Monitor your data

Track the way you use and manage customer data, and make sure you’re on track with your security policy and disclosures. Who knows, you might figure out you don’t actually need to be collecting as much data. Less data, less problems.

7. Safely secure non-digital data, too

Yes, even that. Anything from receipts to email lists to handwritten passwords: make sure it can't easily fall into the wrong hands.

8. Educate your employees

More often than not, cyberattacks are the result of human error. The best way to protect yourself against this is to educate your employees on the risks and the best practices for cybersecurity. Encourage the use of strong passwords, and make sure everyone knows what they should be aware of.

How many of these are you doing now? If it’s not all of them, then it’s not enough. If you have questions or want some help, contact us.

And here’s a bonus #9.

Do you do business in Europe? Updated data privacy legislation called GDPR goes into effect on May 25, 2018, and lays out new requirements for how to handle data from EU citizens. The legislation is broad and carries significant penalties for non-compliance. Be sure your company is GDPR-ready by reviewing privacy and security policies and procedures to ensure they comply with GDPR.